From: Farzan Q. <fqu...@ro...> - 2011-10-22 05:11:02
|
Hi Rone and Kenneth, Thanks for your guidance. Kenneth would you please help me to create forwarding rule for multiple red IPs? Thanks in anticipation. Farzan On Oct 22, 2011 1:01 PM, "rone" <ro...@ed...> wrote: > > I suggest you compare your configuration with Kenneth who says he has > multiple red IPs forwarding successfully with EFW 2.4.1. > > Also, could you perform a test? SSH in to your EFW machine or go to the > console and try to telnet to one of the secondary IPs that have a port > forwarding rule defined and see if the traffic is correctly forwarded when > tested in this manner. This is the test I performed on the virtualized > setup > that led to the likely conclusion that this is virtual network issue rather > than an EFW specific issue. > > Example: > > let's say your primary IP is x.x.x.x and your secondary is x.x.x.y, define > a > forwarding rule on x.x.x.y pointing to an internal machine with an > accessible service such as terminal services, smtp, imap, pop, etc - > whatever which is what is not working under 2.4.1, then from a console/ssh > session on the endian test with telnet: > > telnet x.x.x.y <port#> > > and see if the a connection is established > > thanks very much > > > > > > Farzan Qureshi-2 wrote: > > > > I am not running endian as VM appliance but as a physical host. My > version > > is 2.4.1. > > > > Wondering if it works for u under vm then i will move to vm scenario. > > On Oct 22, 2011 12:12 PM, "rone" <ro...@ed...> wrote: > > > >> > >> Will do, could you please post what is your configuration so we can > >> compare > >> and gather further data? Version of Endian you have tested / which > >> virtualization solution? > >> > >> Thanks > >> > >> > >> Farzan Qureshi-2 wrote: > >> > > >> > Plz do post your findings as i am also running into same issues.. > >> > On Oct 22, 2011 6:48 AM, "rone" <ro...@ed...> wrote: > >> > > >> >> > >> >> > >> >> Thanks for the offer. Somewhat of a breakthrough last night. Am > >> running > >> >> EFW > >> >> as a virtual machine under KVM and it seems that somehow packets are > >> not > >> >> actually making it to the EFW on the secondary IPs, seems something > to > >> do > >> >> with the virtualization configuration although it is the first time > >> I've > >> >> seen this and have run a variety of OSs under the same setup. > >> >> > >> >> EFW 2.4.1 definitely had the issue with not forwarding traffic to any > >> but > >> >> the primary IP running directly on hardware which is why we switched > >> to > >> a > >> >> virtualized setup. That particular installation has been replaced so > I > >> >> don't > >> >> have an example to show on that one. > >> >> > >> >> Will pursue this from the virtualization side and post back here what > >> I > >> >> find. > >> >> > >> >> Thanks for the input. > >> >> > >> >> > >> >> Kenneth Lundström wrote: > >> >> > > >> >> > If needed we could use Teamviewer and you can show your > >> configuration, > >> >> > > >> >> > > >> >> > Kenneth > >> >> > > >> >> >> Thanks, > >> >> >> > >> >> >> I would be extremely interested in what version you are running > and > >> >> what > >> >> >> your port forwarding configuration is. I have spent many hours > with > >> >> this > >> >> >> and > >> >> >> have not been able to get any but the first / primary IP assigned > >> to > >> >> the > >> >> >> red > >> >> >> interface to forward any traffic to an internal IP. > >> >> >> > >> >> >> I am configuring rules as follows: > >> >> >> > >> >> >> Port forwarding / Nat rule: Access from type Any, Target: have > >> tried > >> >> any > >> >> >> uplink as well as selecting the specific red IP desired. Any > uplink > >> >> works > >> >> >> only on the primary IP. > >> >> >> > >> >> >> Filter policy is either allow or allow with IPS. > >> >> >> > >> >> >> Services are typically a single TCP port. > >> >> >> > >> >> >> Translate to: IP , DNAT policy: NAT. > >> >> >> > >> >> >> Insert IP: internal IP of server to be forwarded to, Port/Range: > >> >> internal > >> >> >> port to be forwarded to. > >> >> >> > >> >> >> > >> >> >> Any advice or input would be greatly appreciated. > >> >> >> > >> >> >> > >> >> >> > >> >> >> > >> >> >> Kenneth Lundström wrote: > >> >> >>> In what way can't you get it to work? > >> >> >>> > >> >> >>> I have at the moment two Endian running with maybe 15 RED IP:s on > >> >> both > >> >> >>> and can forward from whatever IP to whatever internal address I > >> like. > >> >> >>> > >> >> >>> Please describe what you have done and we might be able to help > >> you. > >> >> >>> > >> >> >>> > >> >> >>> Kenneth > >> >> >>>> Dear All, > >> >> >>>> > >> >> >>>> This has been discussed before - I have been using Endian for > >> years > >> >> and > >> >> >>>> for > >> >> >>>> the first time attempted to configure a red interface with > >> multiple > >> >> >>>> IPs. > >> >> >>>> I > >> >> >>>> have tried many configurations to get this to work both in > >> version > >> >> >>>> 2.4.1 > >> >> >>>> and > >> >> >>>> version 2.3. > >> >> >>>> > >> >> >>>> Would greatly appreciate any input on how to get ports forwarded > >> >> from > >> >> >>>> additional red IPs -- I can only get the primary red IP to > >> forward > >> >> any > >> >> >>>> traffic. > >> >> >>>> > >> >> >>>> Thanks. > >> >> >>> > >> >> >>> > >> >> > >> > ------------------------------------------------------------------------------ > >> >> >>> The demand for IT networking professionals continues to grow, and > >> the > >> >> >>> demand for specialized networking skills is growing even more > >> >> rapidly. > >> >> >>> Take a complimentary Learning@Cisco Self-Assessment and learn > >> >> >>> about Cisco certifications, training, and career opportunities. > >> >> >>> http://p.sf.net/sfu/cisco-dev2dev > >> >> >>> _______________________________________________ > >> >> >>> Efw-user mailing list > >> >> >>> Efw...@li... > >> >> >>> https://lists.sourceforge.net/lists/listinfo/efw-user > >> >> >>> > >> >> >>> > >> >> > > >> >> > > >> >> > > >> >> > >> > ------------------------------------------------------------------------------ > >> >> > The demand for IT networking professionals continues to grow, and > >> the > >> >> > demand for specialized networking skills is growing even more > >> rapidly. > >> >> > Take a complimentary Learning@Cisco Self-Assessment and learn > >> >> > about Cisco certifications, training, and career opportunities. > >> >> > http://p.sf.net/sfu/cisco-dev2dev > >> >> > _______________________________________________ > >> >> > Efw-user mailing list > >> >> > Efw...@li... > >> >> > https://lists.sourceforge.net/lists/listinfo/efw-user > >> >> > > >> >> > > >> >> > >> >> -- > >> >> View this message in context: > >> >> > >> > http://old.nabble.com/Port-forwarding-on-RED-multi-IP-tp32694429p32698079.html > >> >> Sent from the efw-user mailing list archive at Nabble.com. > >> >> > >> >> > >> >> > >> >> > >> > ------------------------------------------------------------------------------ > >> >> The demand for IT networking professionals continues to grow, and the > >> >> demand for specialized networking skills is growing even more > rapidly. > >> >> Take a complimentary Learning@Cisco Self-Assessment and learn > >> >> about Cisco certifications, training, and career opportunities. > >> >> http://p.sf.net/sfu/cisco-dev2dev > >> >> _______________________________________________ > >> >> Efw-user mailing list > >> >> Efw...@li... > >> >> https://lists.sourceforge.net/lists/listinfo/efw-user > >> >> > >> > > >> > > >> > ------------------------------------------------------------------------------ > >> > The demand for IT networking professionals continues to grow, and the > >> > demand for specialized networking skills is growing even more rapidly. > >> > Take a complimentary Learning@Cisco Self-Assessment and learn > >> > about Cisco certifications, training, and career opportunities. > >> > http://p.sf.net/sfu/cisco-dev2dev > >> > _______________________________________________ > >> > Efw-user mailing list > >> > Efw...@li... > >> > https://lists.sourceforge.net/lists/listinfo/efw-user > >> > > >> > > >> > >> -- > >> View this message in context: > >> > http://old.nabble.com/Port-forwarding-on-RED-multi-IP-tp32694429p32699609.html > >> Sent from the efw-user mailing list archive at Nabble.com. > >> > >> > >> > >> > ------------------------------------------------------------------------------ > >> The demand for IT networking professionals continues to grow, and the > >> demand for specialized networking skills is growing even more rapidly. > >> Take a complimentary Learning@Cisco Self-Assessment and learn > >> about Cisco certifications, training, and career opportunities. > >> http://p.sf.net/sfu/cisco-dev2dev > >> _______________________________________________ > >> Efw-user mailing list > >> Efw...@li... > >> https://lists.sourceforge.net/lists/listinfo/efw-user > >> > > > > > ------------------------------------------------------------------------------ > > The demand for IT networking professionals continues to grow, and the > > demand for specialized networking skills is growing even more rapidly. > > Take a complimentary Learning@Cisco Self-Assessment and learn > > about Cisco certifications, training, and career opportunities. > > http://p.sf.net/sfu/cisco-dev2dev > > _______________________________________________ > > Efw-user mailing list > > Efw...@li... > > https://lists.sourceforge.net/lists/listinfo/efw-user > > > > > > -- > View this message in context: > http://old.nabble.com/Port-forwarding-on-RED-multi-IP-tp32694429p32699767.html > Sent from the efw-user mailing list archive at Nabble.com. > > > > ------------------------------------------------------------------------------ > The demand for IT networking professionals continues to grow, and the > demand for specialized networking skills is growing even more rapidly. > Take a complimentary Learning@Cisco Self-Assessment and learn > about Cisco certifications, training, and career opportunities. > http://p.sf.net/sfu/cisco-dev2dev > _______________________________________________ > Efw-user mailing list > Efw...@li... > https://lists.sourceforge.net/lists/listinfo/efw-user > |